FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

lha buffer overflows and path traversal issues

Affected packages
lha < 1.14i_4

Details

VuXML ID a2ffb627-9c53-11d8-9366-0020ed76ef5a
Discovery 2004-04-29
Entry 2004-05-02
Modified 2004-05-03

Ulf Härnhammar discovered several vulnerabilities in LHa for UNIX's path name handling code. Specially constructed archive files may cause LHa to overwrite files or execute arbitrary code with the privileges of the user invoking LHa. This could be particularly harmful for automated systems that might handle archives such as virus scanning processes.

References

CVE Name CVE-2004-0234
CVE Name CVE-2004-0235